[Samba] Samba LDAP kerberos tickets problem

DAVID ZHOU zhouwei926 at gmail.com
Wed Nov 16 03:01:05 MST 2011


Hi,

I am using Samba to join AD, but I have a problem with version 3.4.7 that I
did not meet in version 3.2.5.

Here are my steps.

In version 3.2.5:
1. Set the realm to test.com in smb.conf and krb5.conf; in smb.conf, set
   use kerberos keytab = true
2. net ads join -U Administrator%Password createupn=test@test.com createcomputer="Computers"
3. net ads keytab create

The three steps complete with no errors and all succeed; then, using klist,
the ldap/ds1.test.com@TEST.COM ticket is available in the output.

But in version 3.4.7:
1. Set the realm to test.com in smb.conf and krb5.conf; in smb.conf, set
   kerberos method = system keytab
2. net ads join -U Administrator%Password createupn=test@test.com createcomputer="Computers"
3. net ads keytab create

Step 1 and step 2 succeed. But when I run step 3, it asks me to input
root's password, which did not happen when using version 3.2.5. Then I have
to use net ads keytab create -U Administrator%Password to make it run
successfully, but after this, when I use klist, the
ldap/ds1.test.com@TEST.COM ticket does not exist. So what is happening, and
how can I make it behave like version 3.2.5?

When I try to use net -k ads keytab create, the exit value is -1, and when
I add debug information, the error is: ads_krb5_mk_req:
krb5_get_credentials failed ( ldap/ds1.test.com@TEST.COM)  ( Cannot find
ticket for requested realm)

Can anyone help me? Thanks very much in advance!

